Home > Backend Development > PHP Tutorial > Summary of methods for shielding returned error messages in PHP

Summary of methods for shielding returned error messages in PHP

PHPz
Release: 2023-04-11 14:32:01
Original
1385 people have browsed it

In the process of PHP development, we will inevitably encounter some program running errors. At this time, the system's default error message may provide opportunities for attackers. Therefore, in the actual development process, we need to shield error information to enhance the security of the website. This article will provide you with some reference by introducing the method of shielding error information returned by PHP.

  1. Turn off error reporting

PHP provides a method to turn off error reporting, that is, add the following line of code to the code:

error_reporting(0);
Copy after login

When using this method , PHP will not display any error messages, including syntax errors and runtime errors. This method is simple and easy to use, but developers cannot find and fix errors in time, so it is only suitable for officially launched websites.

  1. Save error information to the log file

Use this method to save the error information to the log file on the server side. The code is as follows:

ini_set('log_errors', 'On'); //开启日志记录
ini_set('error_log', '/var/log/php.error.log'); //将错误信息输出到指定路径的日志文件中
Copy after login

During the development process, you can use this method to quickly locate the cause of the error and fix it by viewing the log file when an error occurs.

  1. Redirect error information to a custom page

Use this method to redirect error information to a custom page to achieve shielding. The code is as follows:

ini_set('display_errors', 'Off');
ini_set('error_reporting', E_ALL);
ini_set('log_errors', 'On');
ini_set('error_log', '/var/log/php.error.log');

function myErrorHandler($errno, $errstr, $errfile, $errline) {
    header('Location: /error.html'); //将错误信息重定向至自定义错误页面
    exit; //终止脚本的执行
}

set_error_handler('myErrorHandler');
Copy after login

With this method, even if an error occurs, the attacker cannot see any useful information, thus improving the security of the website.

  1. Use .htaccess file to redirect error messages

If your website uses Apache server, you can use .htaccess file for site-wide blocking. The following code redirects the error message to a custom error page:

php_flag display_errors Off //关闭错误信息输出
php_value error_reporting 0 //屏蔽所有错误信息
ErrorDocument 500 /error.html //设置500错误的自定义错误页面
Copy after login

This method is suitable for multiple PHP programs running at the same time. You only need to add the above code to the .htaccess file in the root directory of the website. .

Summary

The above introduces you to the method of shielding the error message returned by PHP. By choosing different methods, we can respond flexibly according to development needs. It should be noted that error message blocking is only a way to enhance website security and cannot replace other security measures. Therefore, during the development process, it is also necessary to combine other security measures to comprehensively improve the security and reliability of the website.

The above is the detailed content of Summary of methods for shielding returned error messages in PHP. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template